Guest User

Untitled

a guest
Oct 12th, 2020
86
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ##################################################
  2.  
  3. ## Nemesida WAF settings
  4.  
  5. ##################################################
  6.  
  7.  
  8. ##
  9.  
  10. # License key and signature database
  11.  
  12. ##
  13.  
  14.  
  15. nwaf_license_key none;
  16.  
  17. nwaf_rules /etc/nginx/nwaf/rules.bin;
  18.  
  19.  
  20. ##
  21.  
  22. # Nemesida WAF activation for virtual host
  23.  
  24. ##
  25.  
  26.  
  27. nwaf_host_enable *;
  28.  
  29. # nwaf_host_enable example.com, example.org;
  30.  
  31. # nwaf_host_enable .example.com;
  32.  
  33. # nwaf_host_enable *.example.com;
  34.  
  35.  
  36. ##
  37.  
  38. # Ban settings
  39.  
  40. ##
  41.  
  42.  
  43. nwaf_limit rate=5r/m block_time=600;
  44.  
  45. # nwaf_limit rate=5r/m block_time=0 domain=example.com;
  46.  
  47.  
  48. ##
  49.  
  50. # API and proxy settings
  51.  
  52. ##
  53.  
  54.  
  55. nwaf_api_conf host=http://nwaf-api.xxx.ru:8081 api_proxy=none sys_proxy=none;
  56.  
  57.  
  58. ##
  59.  
  60. # MLA settings
  61.  
  62. ##
  63.  
  64.  
  65. nwaf_mla 127.0.0.1:5101 mla_score:2;
  66.  
  67.  
  68. # nwaf_mla_host_lm *;
  69.  
  70. # nwaf_mla_host_lm example.com, example.org;
  71.  
  72. # nwaf_mla_host_lm .example.com;
  73.  
  74. # nwaf_mla_host_lm *.example.com;
  75.  
  76.  
  77. ##
  78.  
  79. # MLC settings
  80.  
  81. ##
  82.  
  83.  
  84. # nwaf_rmq_host_exclude *;
  85.  
  86. # nwaf_rmq_host_exclude example.com, example.org;
  87.  
  88. # nwaf_rmq_host_exclude .example.com;
  89.  
  90. # nwaf_rmq_host_exclude *.example.com;
  91.  
  92.  
  93. # nwaf_ai_extra_host_lm *;
  94.  
  95. # nwaf_ai_extra_host_lm example.com, example.org;
  96.  
  97. # nwaf_ai_extra_host_lm .example.com;
  98.  
  99. # nwaf_ai_extra_host_lm *.example.com;
  100.  
  101.  
  102. # nwaf_ai_extra_host_wl *;
  103.  
  104. # nwaf_ai_extra_host_wl example.com, example.org;
  105.  
  106. # nwaf_ai_extra_host_wl .example.com;
  107.  
  108. # nwaf_ai_extra_host_wl *.example.com;
  109.  
  110.  
  111. ##
  112.  
  113. # RabbitMQ and AI extra global settings
  114.  
  115. ##
  116.  
  117.  
  118. nwaf_rmq host=127.0.0.1 user=guest password=guest ai_extra=on;
  119.  
  120.  
  121. ##
  122.  
  123. # ClamAV settings
  124.  
  125. ##
  126.  
  127.  
  128. # nwaf_clamav 127.0.0.1:3310;
  129.  
  130. # nwaf_clamav 127.0.0.1:3310 FILE_ONLY;
  131.  
  132.  
  133. ##
  134.  
  135. # Enable logging for all matched rules
  136.  
  137. ##
  138.  
  139.  
  140. # nwaf_log_mr_all;
  141.  
  142. # nwaf_log_mr_all domain=example.com;
  143.  
  144. # nwaf_log_mr_all domain=.example.com;
  145.  
  146. # nwaf_log_mr_all domain=*.example.com;
  147.  
  148.  
  149. ##
  150.  
  151. # Global WL/LM policy
  152.  
  153. ##
  154.  
  155.  
  156. ## Add client's IP to the whitelist
  157.  
  158. # nwaf_ip_wl x.x.x.x;
  159.  
  160. # nwaf_ip_wl x.x.x.x domain=example.com;
  161.  
  162. # nwaf_ip_wl x.x.x.x domain=.example.com;
  163.  
  164. # nwaf_ip_wl x.x.x.x domain=*.example.com;
  165.  
  166.  
  167. ## Add client's IP to the LM mode (like an IDS mode)
  168.  
  169. # nwaf_ip_lm x.x.x.x;
  170.  
  171. # nwaf_ip_lm x.x.x.x domain=example.com;
  172.  
  173. # nwaf_ip_lm x.x.x.x domain=.example.com;
  174.  
  175. # nwaf_ip_lm x.x.x.x domain=*.example.com;
  176.  
  177.  
  178. ## Switch off the Nemesida WAF
  179.  
  180. # nwaf_host_wl *;
  181.  
  182. # nwaf_host_wl example.com, example.org;
  183.  
  184. # nwaf_host_wl .example.com;
  185.  
  186. # nwaf_host_wl *.example.com;
  187.  
  188.  
  189. ## Add vhosts to the LM mode (like an IDS mode)
  190.  
  191. # nwaf_host_lm *;
  192.  
  193. # nwaf_host_lm example.com, example.org;
  194.  
  195. # nwaf_host_lm .example.com;
  196.  
  197. # nwaf_host_lm *.example.com;
  198.  
  199.  
  200. ## Add file's hash to ClamAV whitelist
  201.  
  202. # nwaf_clamav_wl FILE-MD5-HASH;
  203.  
  204.  
  205. ##
  206.  
  207. # Exclude request body processing for PUT method
  208.  
  209. ##
  210.  
  211.  
  212. # nwaf_put_body_exclude *;
  213.  
  214. # nwaf_put_body_exclude example.com, example.org;
  215.  
  216. # nwaf_put_body_exclude .example.com;
  217.  
  218. # nwaf_put_body_exclude *.example.com;
RAW Paste Data